Towards Secure Open Banking Architecture: An Evaluation with OWASP

Deina Kellezi, Christian Boegelund, Weizhi Meng*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

458 Downloads (Pure)


The European Union passed the PSD2 regulation in 2015, which gives ownership of bank accounts to the private person owning it. As a result, the term Open Banking, allowing third party providers and developers access to bank APIs, has emerged, welcoming a myriad of innovative solutions for the financial sector. However, multiple cyber security issues arise from exposing bank data to third party providers through an API. In this work, we propose an architectural model that ensures clear separation of concern and easy integration with Nordea’s Open Banking APIs (sandbox version), and a technological stack, consisting of the micro-framework Flask, the cloud application platform Heroku and persistent data storage layer (using Postgres). We analyze the web application’s security threats, and determine whether or not the technological frame provides adequate security protection, by leveraging the OWASP Top 10 list of the Ten Most Critical Web Application Security Risks. Our results can support future developers and industries working on web applications for Open Banking towards security improvement by choosing the right frameworks and considering the most important vulnerabilities, as well as contributing to the documentation and development of Nordea’s APIs.

Original languageEnglish
Title of host publicationNetwork and System Security
EditorsJoseph K. Liu, Xinyi Huang
Publication date1 Jan 2019
ISBN (Print)9783030369378
Publication statusPublished - 1 Jan 2019
Event13th International Conference on Network and System Security - Sapporo, Japan
Duration: 15 Dec 201918 Dec 2019


Conference13th International Conference on Network and System Security
SeriesLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11928 LNCS


  • Open Banking API
  • PSD2 regulation
  • Secure architecture
  • Threat and risk
  • Web security


Dive into the research topics of 'Towards Secure Open Banking Architecture: An Evaluation with OWASP'. Together they form a unique fingerprint.

Cite this